December 27, 2023 at 01:06AM
Adversaries are targeting poorly secured Linux SSH servers to install malware for carrying out cryptocurrency mining and DDoS attacks. AhnLab Security Emergency Response Center warns of installing scanners and selling breached IP and account credentials on the dark web. To mitigate risks, users are advised to use strong, updated passwords and regularly rotate them.
From the meeting notes on Dec 27, 2023, the following key takeaways were identified:
1. The threat landscape involves poorly secured Linux SSH servers being targeted by bad actors to install port scanners and dictionary attack tools in order to co-opt vulnerable servers into networks and carry out cryptocurrency mining and DDoS attacks.
2. Threat actors may also choose to install only scanners and sell breached IP and account credentials on the dark web.
3. Adversaries attempt to guess a server’s SSH credentials using a dictionary attack and if successful, they deploy other malware, including scanners, to scan for other vulnerable systems on the internet.
4. The threat actors’ tools are believed to have been created by PRG Old Team and have evidence of being used as early as 2021.
5. To mitigate the risks associated with these attacks, it is recommended that users rely on hard-to-guess passwords, periodically rotate them, and keep their systems up-to-date.
6. Kaspersky revealed the existence of a novel multi-platform threat called NKAbuse, which leverages a decentralized, peer-to-peer network connectivity protocol known as NKN for DDoS attacks.
These takeaways provide a comprehensive understanding of the security threats and recommended mitigation measures discussed in the meeting.